• Recent Posts

  • Facebook Sees 600,000 Compromised Logins Daily
  • Windows 8 – Virtualization Solutions
  • Anonymous is planning a DoS attack this weekend
  • Download Windows 8, SharePoint workshop, MCT Summit
  • Apple’s iCloud runs on Microsoft Azure

• Archives

  • November 2011
  • September 2011
  • August 2011
  • July 2011
  • April 2011
  • March 2011
  • February 2011
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • November 2009
  • October 2009
  • September 2009
  • March 2009
  • January 2009
  • December 2008
  • August 2008
  • July 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008

Pac IT Pros members: Have you heard of the KHOBE – 8.0 earthquake for Windows? This is a update to an attack Windows security products from several years ago. The new attack can bypass every Windows security product tested and allow malicious code to make its way to your system. The KHOBE attack, (Kernel HOok Bypassing Engine), leverages a Windows module called the System Service Descriptor Table, or SSDT, which is hooked up to the Windows kernel. Unfortunately, SSDT is utilized by antivirus software. This attack does NOT need admin privileges. If you are running as a standard user you are susceptible.

Below is a list of software known (at this time) to be susceptible to a KHOBE attack.

• 3D EQSecure Professional Edition 4.2
• avast! Internet Security 5.0.462
• AVG Internet Security 9.0.791
• Avira Premium Security Suite 10.0.0.536
• BitDefender Total Security 2010 13.0.20.347
• Blink Professional 4.6.1
• CA Internet Security Suite Plus 2010 6.0.0.272
• Comodo Internet Security Free 4.0.138377.779
• DefenseWall Personal Firewall 3.00
• Dr.Web Security Space Pro 6.0.0.03100
• ESET Smart Security 4.2.35.3
• F-Secure Internet Security 2010 10.00 build 246
• G DATA TotalCare 2010
• Kaspersky Internet Security 2010 9.0.0.736
• KingSoft Personal Firewall 9 Plus 2009.05.07.70
• Malware Defender 2.6.0
• McAfee Total Protection 2010 10.0.580
• Norman Security Suite PRO 8.0
• Norton Internet Security 2010 17.5.0.127
• Online Armor Premium 4.0.0.35
• Online Solutions Security Suite 1.5.14905.0
• Outpost Security Suite Pro 6.7.3.3063.452.0726
• Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
• Panda Internet Security 2010 15.01.00
• PC Tools Firewall Plus 6.0.0.88
• PrivateFirewall 7.0.20.37
• Security Shield 2010 13.0.16.313
• Sophos Endpoint Security and Control 9.0.5
• ThreatFire 4.7.0.17
• Trend Micro Internet Security Pro 2010 17.50.1647.0000
• Vba32 Personal 3.12.12.4
• VIPRE Antivirus Premium 4.0.3272
• VirusBuster Internet Security Suite 3.2
• Webroot Internet Security Essentials 6.1.0.145

Doug Spindler

Comments

• Search PacITNews

  Search for:

• Follow Us on LinkedIn

  

• Join Us on Facebook

  

• Follow Us on Twitter

  • RT @jkc137: Are you a Powershell junkie looking for a chance to show your stuff? @PacITPros is looking for a speaker for the March TechD ... 2012/02/03
  • RT @richardhicks: I'll be presenting #Forefront #TMG #UAG and #DirectAccess @pacitpros TechDays SF in March. Register here: http://t.co/ ... 2012/02/03
  • RT @scevans: I'm speaking at an IT Pro Conference Mar 22/23rd in SF. Register at http://t.co/jK14KN8k 2012/02/03
  • RT @UberGeekGirl: Learning about server migration tools from @joeysnow at @pacitpros tonight. Full house. 2012/01/25

• Links

  • Pac IT Pros Home Page

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org